mcpmake 0.1.0

package/dist/transformer/auth-detector.js

@@ -0,0 +1,90 @@
+export function detectAuthSchemes(securitySchemes) {
+    const authSchemes = [];
+    const envVars = [];
+    const oauthFlows = [];
+    for (const [name, scheme] of Object.entries(securitySchemes)) {
+        if (scheme.type === 'apiKey') {
+            authSchemes.push({
+                type: 'apiKey',
+                envVarName: 'API_KEY',
+                headerName: scheme.name,
+                in: scheme.in,
+                description: `API key for ${name}`,
+            });
+            envVars.push({
+                name: 'API_KEY',
+                description: `API key (sent as ${scheme.in} "${scheme.name}")`,
+                required: true,
+            });
+        }
+        else if (scheme.type === 'http' && scheme.scheme === 'bearer') {
+            authSchemes.push({
+                type: 'http-bearer',
+                envVarName: 'BEARER_TOKEN',
+                description: `Bearer token for ${name}`,
+            });
+            envVars.push({
+                name: 'BEARER_TOKEN',
+                description: 'Bearer authentication token',
+                required: true,
+            });
+        }
+        else if (scheme.type === 'http' && scheme.scheme === 'basic') {
+            authSchemes.push({
+                type: 'http-basic',
+                envVarName: 'BASIC_USERNAME',
+                description: `Basic auth for ${name}`,
+            });
+            envVars.push({ name: 'BASIC_USERNAME', description: 'Basic auth username', required: true }, { name: 'BASIC_PASSWORD', description: 'Basic auth password', required: true });
+        }
+        else if (scheme.type === 'oauth2') {
+            authSchemes.push({
+                type: 'oauth2',
+                envVarName: 'OAUTH2_CLIENT_ID',
+                description: `OAuth2 for ${name}`,
+            });
+            // Extract flow details
+            const flows = scheme.flows;
+            if (flows?.authorizationCode) {
+                const flow = flows.authorizationCode;
+                oauthFlows.push({
+                    authorizationUrl: flow.authorizationUrl,
+                    tokenUrl: flow.tokenUrl,
+                    scopes: Object.keys(flow.scopes ?? {}),
+                    flowType: 'authorizationCode',
+                });
+            }
+            if (flows?.clientCredentials) {
+                const flow = flows.clientCredentials;
+                oauthFlows.push({
+                    tokenUrl: flow.tokenUrl,
+                    scopes: Object.keys(flow.scopes ?? {}),
+                    flowType: 'clientCredentials',
+                });
+            }
+            // Emit OAuth env vars
+            envVars.push({ name: 'OAUTH2_CLIENT_ID', description: 'OAuth2 client ID', required: true }, { name: 'OAUTH2_CLIENT_SECRET', description: 'OAuth2 client secret', required: false }, {
+                name: 'OAUTH2_TOKEN',
+                description: 'Pre-obtained OAuth2 token (alternative to client credentials)',
+                required: false,
+            });
+            if (flows?.authorizationCode) {
+                envVars.push({
+                    name: 'OAUTH2_REDIRECT_URI',
+                    description: 'OAuth2 redirect URI for authorization code flow',
+                    required: false,
+                    example: 'http://localhost:3000/callback',
+                });
+            }
+        }
+    }
+    // Deduplicate env vars by name
+    const seen = new Set();
+    const uniqueEnvVars = envVars.filter((v) => {
+        if (seen.has(v.name))
+            return false;
+        seen.add(v.name);
+        return true;
+    });
+    return { authSchemes, envVars: uniqueEnvVars, oauthFlows };
+}

package/dist/transformer/catalog-builder.d.ts

@@ -0,0 +1,18 @@
+import type { ToolDefinition } from '../types/index.js';
+export interface CatalogEntry {
+    name: string;
+    title: string;
+    description: string;
+    method: string;
+    path: string;
+    inputSchema: Record<string, unknown>;
+    pathParams: string[];
+    queryParams: string[];
+    hasRequestBody: boolean;
+    requestBodyContentType: string;
+}
+/**
+ * Build a tool catalog JSON from tool definitions.
+ * Used by dynamic discovery mode to avoid registering all tools upfront.
+ */
+export declare function buildCatalog(tools: ToolDefinition[]): CatalogEntry[];

package/dist/transformer/catalog-builder.js

@@ -0,0 +1,56 @@
+/**
+ * Build a tool catalog JSON from tool definitions.
+ * Used by dynamic discovery mode to avoid registering all tools upfront.
+ */
+export function buildCatalog(tools) {
+    return tools.map((tool) => ({
+        name: tool.name,
+        title: tool.title,
+        description: tool.description,
+        method: tool.method,
+        path: tool.pathTemplate,
+        inputSchema: parseInputSchema(tool.inputSchemaCode),
+        pathParams: tool.pathParams,
+        queryParams: tool.queryParams,
+        hasRequestBody: tool.hasRequestBody,
+        requestBodyContentType: tool.requestBodyContentType,
+    }));
+}
+/**
+ * Parse the Zod code string into a JSON Schema-like object for the catalog.
+ * This is a best-effort conversion for display purposes.
+ */
+function parseInputSchema(zodCode) {
+    // Extract field names and types from the Zod code
+    const fields = {};
+    const fieldPattern = /(\w+):\s*z\.(\w+)/g;
+    let match;
+    while ((match = fieldPattern.exec(zodCode)) !== null) {
+        fields[match[1]] = match[2];
+    }
+    if (Object.keys(fields).length === 0) {
+        return { type: 'object', properties: {} };
+    }
+    const properties = {};
+    for (const [name, type] of Object.entries(fields)) {
+        properties[name] = { type: mapZodType(type) };
+    }
+    return { type: 'object', properties };
+}
+function mapZodType(zodType) {
+    switch (zodType) {
+        case 'string':
+            return 'string';
+        case 'number':
+        case 'int':
+            return 'number';
+        case 'boolean':
+            return 'boolean';
+        case 'array':
+            return 'array';
+        case 'object':
+            return 'object';
+        default:
+            return 'string';
+    }
+}

package/dist/transformer/client-compat.d.ts

@@ -0,0 +1,6 @@
+import type { ToolDefinition } from '../types/index.js';
+export type ClientMode = 'cursor' | 'claude' | 'openai';
+/**
+ * Apply client-specific compatibility transforms to tool definitions.
+ */
+export declare function applyClientCompat(tools: ToolDefinition[], client: ClientMode): ToolDefinition[];

package/dist/transformer/client-compat.js

@@ -0,0 +1,44 @@
+import { logger } from '../utils/logger.js';
+const CLIENT_LIMITS = {
+    cursor: { maxToolNameLength: 60, maxTools: 40 },
+    claude: { maxToolNameLength: 128, maxTools: 1000 },
+    openai: { maxToolNameLength: 128, maxTools: 128 },
+};
+/**
+ * Apply client-specific compatibility transforms to tool definitions.
+ */
+export function applyClientCompat(tools, client) {
+    const limits = CLIENT_LIMITS[client];
+    let result = tools.map((t) => ({ ...t }));
+    // Truncate tool names to client limit
+    const renamed = new Map();
+    for (const tool of result) {
+        if (tool.name.length > limits.maxToolNameLength) {
+            const original = tool.name;
+            tool.name = tool.name.slice(0, limits.maxToolNameLength);
+            renamed.set(original, tool.name);
+        }
+    }
+    // Deduplicate after truncation
+    const nameCount = new Map();
+    for (const t of result) {
+        nameCount.set(t.name, (nameCount.get(t.name) ?? 0) + 1);
+    }
+    for (const tool of result) {
+        if ((nameCount.get(tool.name) ?? 0) > 1) {
+            // Append a hash suffix to make unique, staying within limit
+            const suffix = `_${tool.method}`;
+            const maxBase = limits.maxToolNameLength - suffix.length;
+            tool.name = tool.name.slice(0, maxBase) + suffix;
+        }
+    }
+    if (renamed.size > 0) {
+        logger.warn(`[${client}] Truncated ${renamed.size} tool name(s) to ${limits.maxToolNameLength} chars`);
+    }
+    // Enforce max tool count
+    if (result.length > limits.maxTools) {
+        logger.warn(`[${client}] Tool count (${result.length}) exceeds limit (${limits.maxTools}). Keeping first ${limits.maxTools}.`);
+        result = result.slice(0, limits.maxTools);
+    }
+    return result;
+}

package/dist/transformer/har-clusterer.d.ts

@@ -0,0 +1,9 @@
+import type { NormalizedEntry } from '../parser/har-normalizer.js';
+export interface EntryCluster {
+    signature: string;
+    method: string;
+    normalizedPath: string;
+    baseUrl: string;
+    entries: NormalizedEntry[];
+}
+export declare function clusterEntries(entries: NormalizedEntry[]): EntryCluster[];

package/dist/transformer/har-clusterer.js

@@ -0,0 +1,27 @@
+export function clusterEntries(entries) {
+    const groups = new Map();
+    for (const entry of entries) {
+        const method = entry.entry.request.method.toUpperCase();
+        const signature = `${method} ${entry.normalizedPath}`;
+        const existing = groups.get(signature);
+        if (existing) {
+            existing.push(entry);
+        }
+        else {
+            groups.set(signature, [entry]);
+        }
+    }
+    const clusters = [];
+    for (const [signature, clusterEntries] of groups) {
+        const [method, ...pathParts] = signature.split(' ');
+        const normalizedPath = pathParts.join(' ');
+        clusters.push({
+            signature,
+            method: method.toLowerCase(),
+            normalizedPath,
+            baseUrl: clusterEntries[0].baseUrl,
+            entries: clusterEntries,
+        });
+    }
+    return clusters;
+}

package/dist/transformer/har-dedup.d.ts

@@ -0,0 +1,10 @@
+import type { NormalizedEntry } from '../parser/har-normalizer.js';
+/**
+ * Deduplicate HAR entries that are likely pagination or retries.
+ *
+ * Strategy:
+ * - Group by method + normalizedPath (same as clustering)
+ * - Within each group, detect pagination patterns (same URL with different page/offset/cursor params)
+ * - Remove retries: consecutive requests to the same URL within 5s with same method
+ */
+export declare function deduplicateEntries(entries: NormalizedEntry[]): NormalizedEntry[];

package/dist/transformer/har-dedup.js

@@ -0,0 +1,81 @@
+/**
+ * Deduplicate HAR entries that are likely pagination or retries.
+ *
+ * Strategy:
+ * - Group by method + normalizedPath (same as clustering)
+ * - Within each group, detect pagination patterns (same URL with different page/offset/cursor params)
+ * - Remove retries: consecutive requests to the same URL within 5s with same method
+ */
+export function deduplicateEntries(entries) {
+    const result = [];
+    const seenSignatures = new Map();
+    for (const entry of entries) {
+        const url = entry.entry.request.url;
+        const method = entry.entry.request.method;
+        const signature = `${method} ${stripPaginationParams(url)}`;
+        const timestamp = new Date(entry.entry.startedDateTime).getTime();
+        const seen = seenSignatures.get(signature);
+        if (seen) {
+            // Skip retries: same signature within 5 seconds
+            if (timestamp - seen.lastTime < 5000) {
+                seen.lastTime = timestamp;
+                seen.count++;
+                continue;
+            }
+            // Skip excessive pagination: keep at most 3 examples per endpoint
+            if (isPaginationVariant(url, entries, entry) && seen.count >= 3) {
+                seen.lastTime = timestamp;
+                seen.count++;
+                continue;
+            }
+        }
+        seenSignatures.set(signature, {
+            lastTime: timestamp,
+            count: (seen?.count ?? 0) + 1,
+        });
+        result.push(entry);
+    }
+    return result;
+}
+const PAGINATION_PARAMS = new Set([
+    'page',
+    'offset',
+    'limit',
+    'cursor',
+    'after',
+    'before',
+    'skip',
+    'take',
+    'per_page',
+    'page_size',
+    'pagesize',
+    'start',
+    'count',
+    'from',
+    'next_token',
+    'continuation',
+]);
+function stripPaginationParams(url) {
+    try {
+        const parsed = new URL(url);
+        for (const key of [...parsed.searchParams.keys()]) {
+            if (PAGINATION_PARAMS.has(key.toLowerCase())) {
+                parsed.searchParams.delete(key);
+            }
+        }
+        return `${parsed.origin}${parsed.pathname}${parsed.search}`;
+    }
+    catch {
+        return url;
+    }
+}
+function isPaginationVariant(url, allEntries, current) {
+    try {
+        const parsed = new URL(url);
+        const paramKeys = [...parsed.searchParams.keys()].map((k) => k.toLowerCase());
+        return paramKeys.some((k) => PAGINATION_PARAMS.has(k));
+    }
+    catch {
+        return false;
+    }
+}

package/dist/transformer/har-schema-inferrer.d.ts

@@ -0,0 +1,15 @@
+import type { JsonSchema } from '../types/index.js';
+/**
+ * Infer a JSON Schema from a sample JSON value.
+ * Handles objects, arrays, and primitives.
+ */
+export declare function inferJsonSchema(value: unknown, depth?: number): JsonSchema;
+/**
+ * Try to parse a response body as JSON and infer its schema.
+ * Returns undefined if not JSON or parsing fails.
+ */
+export declare function inferResponseSchema(body: string | undefined, mimeType: string): JsonSchema | undefined;
+/**
+ * Try to parse a request body and infer its schema.
+ */
+export declare function inferRequestBodySchema(text: string | undefined, mimeType: string): JsonSchema | undefined;

package/dist/transformer/har-schema-inferrer.js

@@ -0,0 +1,90 @@
+import { isDangerousKey } from '../utils/sanitize.js';
+const MAX_INFERENCE_DEPTH = 20;
+/**
+ * Infer a JSON Schema from a sample JSON value.
+ * Handles objects, arrays, and primitives.
+ */
+export function inferJsonSchema(value, depth = 0) {
+    if (depth > MAX_INFERENCE_DEPTH) {
+        return { type: 'object' };
+    }
+    if (value === null || value === undefined) {
+        return { type: 'string' };
+    }
+    if (Array.isArray(value)) {
+        if (value.length === 0) {
+            return { type: 'array', items: {} };
+        }
+        return { type: 'array', items: inferJsonSchema(value[0], depth + 1) };
+    }
+    if (typeof value === 'object') {
+        const properties = {};
+        const required = [];
+        for (const [key, val] of Object.entries(value)) {
+            if (isDangerousKey(key))
+                continue;
+            properties[key] = inferJsonSchema(val, depth + 1);
+            if (val !== null && val !== undefined) {
+                required.push(key);
+            }
+        }
+        return {
+            type: 'object',
+            properties,
+            ...(required.length > 0 ? { required } : {}),
+        };
+    }
+    if (typeof value === 'number') {
+        return Number.isInteger(value) ? { type: 'integer' } : { type: 'number' };
+    }
+    if (typeof value === 'boolean') {
+        return { type: 'boolean' };
+    }
+    return { type: 'string' };
+}
+/**
+ * Try to parse a response body as JSON and infer its schema.
+ * Returns undefined if not JSON or parsing fails.
+ */
+export function inferResponseSchema(body, mimeType) {
+    if (!body || !mimeType.includes('json'))
+        return undefined;
+    try {
+        const parsed = JSON.parse(body);
+        return inferJsonSchema(parsed);
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Try to parse a request body and infer its schema.
+ */
+export function inferRequestBodySchema(text, mimeType) {
+    if (!text)
+        return undefined;
+    if (mimeType.includes('json')) {
+        try {
+            return inferJsonSchema(JSON.parse(text));
+        }
+        catch {
+            return undefined;
+        }
+    }
+    if (mimeType.includes('x-www-form-urlencoded')) {
+        const params = new URLSearchParams(text);
+        const properties = {};
+        const required = [];
+        for (const [key, value] of params) {
+            properties[key] = { type: 'string' };
+            required.push(key);
+            // Try to detect numbers/booleans
+            if (/^\d+$/.test(value))
+                properties[key] = { type: 'integer' };
+            else if (value === 'true' || value === 'false')
+                properties[key] = { type: 'boolean' };
+        }
+        return { type: 'object', properties, required };
+    }
+    return undefined;
+}

package/dist/transformer/har-to-operations.d.ts

@@ -0,0 +1,13 @@
+import type { OperationDescriptor } from '../types/index.js';
+import type { EntryCluster } from './har-clusterer.js';
+export interface HarConversionResult {
+    operations: OperationDescriptor[];
+    baseUrl: string;
+    detectedAuth: DetectedAuth[];
+}
+export interface DetectedAuth {
+    type: 'bearer' | 'basic' | 'apiKey';
+    headerName: string;
+    exampleValue?: string;
+}
+export declare function clustersToOperations(clusters: EntryCluster[]): HarConversionResult;

package/dist/transformer/har-to-operations.js

@@ -0,0 +1,192 @@
+import { mergeRequestBodySchemas } from './schema-merger.js';
+const AUTH_HEADER_PATTERNS = [
+    { pattern: /^Bearer\s+/i, schemeName: 'bearer' },
+    { pattern: /^Basic\s+/i, schemeName: 'basic' },
+    { pattern: /^Token\s+/i, schemeName: 'token' },
+];
+const CUSTOM_AUTH_HEADERS = [
+    'x-api-key',
+    'api-key',
+    'authorization-token',
+    'x-auth-token',
+    'x-access-token',
+    'x-csrf-token',
+    'x-session-token',
+];
+const SESSION_COOKIE_PATTERNS = [
+    /^sess/i,
+    /^sid$/i,
+    /^session/i,
+    /^token/i,
+    /^auth/i,
+    /^jwt/i,
+    /^connect\.sid$/i,
+];
+export function clustersToOperations(clusters) {
+    const operations = [];
+    const allAuth = new Map();
+    let baseUrl = '';
+    for (const cluster of clusters) {
+        if (!baseUrl)
+            baseUrl = cluster.baseUrl;
+        const canonical = pickCanonicalEntry(cluster.entries);
+        const entry = canonical.entry;
+        const auth = detectAuth(entry);
+        for (const a of auth) {
+            allAuth.set(a.headerName.toLowerCase(), a);
+        }
+        const operationId = generateOperationId(cluster.method, cluster.normalizedPath);
+        const parameters = [];
+        // Path params from normalization
+        for (const pp of canonical.pathParams) {
+            const schemaType = pp.inferredType === 'integer' ? 'integer' : 'string';
+            const schema = pp.inferredType === 'uuid' ? { type: 'string', format: 'uuid' } : { type: schemaType };
+            parameters.push({
+                name: pp.name,
+                in: 'path',
+                required: true,
+                description: pp.name,
+                schema,
+            });
+        }
+        // Query params merged across all entries in cluster
+        const queryMap = new Map();
+        for (const ne of cluster.entries) {
+            for (const qp of ne.queryParams) {
+                const existing = queryMap.get(qp.name);
+                if (existing) {
+                    existing.values.add(qp.exampleValue);
+                }
+                else {
+                    queryMap.set(qp.name, { values: new Set([qp.exampleValue]), type: qp.inferredType });
+                }
+            }
+        }
+        for (const [name, info] of queryMap) {
+            parameters.push({
+                name,
+                in: 'query',
+                required: false,
+                schema: { type: info.type },
+            });
+        }
+        // Request body — merge schemas across all entries in the cluster
+        let requestBody;
+        const bodyEntries = cluster.entries
+            .map((ne) => ne.entry.request.postData)
+            .filter((pd) => !!pd?.text)
+            .map((pd) => ({ text: pd.text, mimeType: pd.mimeType }));
+        if (bodyEntries.length > 0) {
+            const mergedSchema = mergeRequestBodySchemas(bodyEntries);
+            if (mergedSchema) {
+                requestBody = {
+                    required: true,
+                    contentType: bodyEntries[0].mimeType.split(';')[0].trim(),
+                    schema: mergedSchema,
+                };
+            }
+        }
+        // Security
+        const security = auth.map((a) => ({
+            schemeName: a.type,
+            scopes: [],
+        }));
+        operations.push({
+            operationId,
+            method: cluster.method,
+            path: cluster.normalizedPath,
+            summary: `${cluster.method.toUpperCase()} ${cluster.normalizedPath}`,
+            tags: [extractTag(cluster.normalizedPath)],
+            parameters,
+            requestBody,
+            responses: [],
+            security,
+            deprecated: false,
+        });
+    }
+    return {
+        operations,
+        baseUrl,
+        detectedAuth: [...allAuth.values()],
+    };
+}
+function pickCanonicalEntry(entries) {
+    // Prefer entries with 2xx responses
+    const successful = entries.filter((e) => e.entry.response.status >= 200 && e.entry.response.status < 300);
+    return successful[0] ?? entries[0];
+}
+function detectAuth(entry) {
+    const result = [];
+    for (const header of entry.request.headers) {
+        const name = header.name.toLowerCase();
+        if (name === 'authorization') {
+            for (const { pattern, schemeName } of AUTH_HEADER_PATTERNS) {
+                if (pattern.test(header.value)) {
+                    result.push({
+                        type: schemeName,
+                        headerName: 'Authorization',
+                        exampleValue: '[REDACTED]',
+                    });
+                    break;
+                }
+            }
+        }
+        if (CUSTOM_AUTH_HEADERS.includes(name)) {
+            result.push({
+                type: 'apiKey',
+                headerName: header.name,
+                exampleValue: '[REDACTED]',
+            });
+        }
+        // Detect cookie-based session auth
+        if (name === 'cookie') {
+            const cookies = header.value.split(';').map((c) => c.trim().split('=')[0]);
+            for (const cookieName of cookies) {
+                if (SESSION_COOKIE_PATTERNS.some((p) => p.test(cookieName))) {
+                    result.push({
+                        type: 'apiKey',
+                        headerName: 'Cookie',
+                        exampleValue: '[REDACTED]',
+                    });
+                    break;
+                }
+            }
+        }
+    }
+    return result;
+}
+function generateOperationId(method, path) {
+    const segments = path
+        .replace(/\{[^}]+\}/g, '')
+        .split('/')
+        .filter(Boolean);
+    const resource = segments[segments.length - 1] ?? 'resource';
+    switch (method.toLowerCase()) {
+        case 'get':
+            return path.includes('{') ? `get_${singularize(resource)}` : `list_${resource}`;
+        case 'post':
+            return `create_${singularize(resource)}`;
+        case 'put':
+        case 'patch':
+            return `update_${singularize(resource)}`;
+        case 'delete':
+            return `delete_${singularize(resource)}`;
+        default:
+            return `${method.toLowerCase()}_${resource}`;
+    }
+}
+function extractTag(path) {
+    const segments = path.split('/').filter((s) => s && !s.startsWith('{'));
+    // Skip api/v1/v2 prefixes
+    const meaningful = segments.filter((s) => !/^(api|v\d+)$/i.test(s));
+    return meaningful[0] ?? 'default';
+}
+function singularize(word) {
+    if (word.endsWith('ies'))
+        return word.slice(0, -3) + 'y';
+    if (word.endsWith('ses') || word.endsWith('xes') || word.endsWith('zes'))
+        return word.slice(0, -2);
+    if (word.endsWith('s') && !word.endsWith('ss'))
+        return word.slice(0, -1);
+    return word;
+}

package/dist/transformer/index.d.ts

@@ -0,0 +1,8 @@
+export { toToolName, toToolTitle, toFileName, toFunctionName } from './naming.js';
+export { detectAuthSchemes } from './auth-detector.js';
+export { buildToolDefinition, buildAllTools } from './tool-builder.js';
+export { clusterEntries } from './har-clusterer.js';
+export type { EntryCluster } from './har-clusterer.js';
+export { clustersToOperations } from './har-to-operations.js';
+export type { HarConversionResult, DetectedAuth } from './har-to-operations.js';
+export { inferJsonSchema, inferResponseSchema, inferRequestBodySchema, } from './har-schema-inferrer.js';

package/dist/transformer/index.js

@@ -0,0 +1,6 @@
+export { toToolName, toToolTitle, toFileName, toFunctionName } from './naming.js';
+export { detectAuthSchemes } from './auth-detector.js';
+export { buildToolDefinition, buildAllTools } from './tool-builder.js';
+export { clusterEntries } from './har-clusterer.js';
+export { clustersToOperations } from './har-to-operations.js';
+export { inferJsonSchema, inferResponseSchema, inferRequestBodySchema, } from './har-schema-inferrer.js';